FALCON-C: Flow-based Analysis and Labeling for Connected Vehicular Network Cybersecurity

Computer Science > Cryptography and Security [Submitted on 22 May 2026] FALCON-C: Flow-based Analysis and Labeling for Connected Vehicular Network Cybersecurity Joshua Bean, Dimitrios Michael Manias Along with the recent rise in popularity of Electric Vehicles (EVs), Electric Vehicle Supply Equipment (EVSE) has emerged as a new target for cyber attacks. Therefore, ensuring the security and integrity of network communication between EVSE components and vehicular clients is a significant challenge that must be addressed. To this end, this paper proposes a Flow-based Analysis and Labeling for COnnected vehicular Network Cybersecurity (FALCON-C) framework. The FALCON-C framework leverages an autoencoder for anomaly detection and is trained on a small number of benign flows from the CICEVSE2024 dataset. The model's objective is to model benign flow behavior and identify malicious flows by detecting statistically different reconstruction error profiles. The results demonstrate that the model can successfully identify malicious flows, achieving 100% accuracy. Initially, some benign flows were misclassified as malicious, resulting in a suboptimal false positive rate. A thorough analysis of the autoencoder's performance and the nature of misclassified flows led to the development of a refined decision boundary, improving the framework's performance by 8.6%. FALCON-C is intended to support Security Operations Center activities by automating flow labeling, leading to the enhanced curation of reliable datasets that can be used for various activities, including threat modeling and hunting, decision auditing, and intrusion detection system refinement. Comments: Accepted: IEEE HPSR 2026 Subjects: Cryptography and Security (cs.CR) Cite as: arXiv:2605.24206 [cs.CR]   (or arXiv:2605.24206v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2605.24206 Focus to learn more Submission history From: Dimitrios Michael Manias [view email] [v1] Fri, 22 May 2026 20:46:55 UTC (84 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-05 Change to browse by: cs References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)